Attesting a KVM guest
Use attestation as evidence that the KVM guest runs in secure-execution mode. If the KVM guest was built for one particular IBM Z server, the attestation also verifies that the KVM guest runs on that specific server.
If the KVM guest was built for several servers, the attestation only verifies that the KVM guest runs on one of those servers.
Before you begin
- Access to the secure execution header of the KVM guest to be attested.
- Access to the KVM guest to be attested.
- On the KVM guest to be attested: You need to be able to send and receive requests and responses to the KVM guest.
- A host key document of the IBM Z system where the guest to be attested runs.
- The IBM Z signing-key certificate (also called a host-key-signing-key certificate) used by IBM to sign the host key document.
- An intermediate CA certificate used to sign the IBM Z signing-key certificate.
- The IBM Secure Execution header from the KVM guest to be
attested, see Extracting an IBM Secure Execution header.
Using a trusted Linux instance, extract the header from the KVM guest image before you submit it to the cloud provider.
You require the pvattest command, which is included in your distribution. For details about the command, see pvattest - Create, perform, and verify attestation requests.
About this task
- The KVM guest to be attested. In the examples in this section, this KVM guest is called secguest.
- A trusted Linux instance. In the examples in this section, this Linux instance is called
trusted. This instance can be:
- A Linux instance running on IBM Z hardware. If you want to use IBM Z, the Linux instance should be a previously attested secure execution guest or be on your premises and managed by trusted personnel.
- A Linux instance running on x86 hardware. No special setup is required. If you want to use a local workstation, it must adhere to the security policies of your organization. For information about building the pvattest command, see Building pvattest on Linux on x86 hardware.
The trusted Linux instance requires the pvattest. The first attestation is typically done on a system you fully control, such as your laptop.

Procedure
Results
[trusted]# pvattest verify -i attresp.bin --arpk arp.key --hdr hdr.bin
[trusted]# echo $?
0
If the result of the pvattest perform command and the calculated results do not match, the command ends with an error and exit code 2:
[trusted]# pvattest verify -i wrongmeas.bin --arpk arp.key --hdr hdr.bin
ERROR: Attestation measurement verification failed:
Calculated and received attestation measurement are not the same.
[trusted]# echo $?
2